From d5a49ae4ef92ceff0e7737af3ffdc366f898b6b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Wed, 5 Aug 2015 15:33:37 +0000 Subject: [PATCH] no ip range --- container.json | 293 ++++++++++++++++++++----------- default.conf | 9 +- hooks/cleanup-lxc-config | 2 +- hooks/create-lxc-config | 20 ++- hooks/dn42-routes | 5 +- hooks/lib/lxc/container.rb | 48 ++--- hooks/lib/lxc/rdns.rb | 2 + hooks/lib/lxc/template.rb | 3 + hooks/update-lxc-configs | 3 +- hooks/update-mounts | 59 +++++++ templates/config.erb | 11 +- templates/higgsboson.tk.zone.erb | 2 +- templates/lxc-zone.erb | 18 +- templates/rdns-zone.erb | 4 +- 14 files changed, 310 insertions(+), 169 deletions(-) create mode 100755 hooks/update-mounts diff --git a/container.json b/container.json index bd19b28..ec7aae8 100644 --- a/container.json +++ b/container.json @@ -1,7 +1,7 @@ { "zone": { "soa": "ns1.higgsboson.tk.", - "serial": 149, + "serial": 175, "refresh": "1H", "hostmaster": "hostmaster.higgsboson.tk", "domain": "eve.higgsboson.tk", 
@@ -11,37 +11,24 @@ "retry": "4H", "expire": "3W", "minimum": "1D", - "v4_subnet": "192.168.66.0/24", - "dn42_v4_subnet": "172.23.75.0/24", + "v4_subnet": "172.23.75.0/26", + "ula_subnet": "fdc0:4992:6a6d::/80", "v6_subnet": "2a01:4f8:210:31fd:1::/80" }, "network": { - "tinc1": { - "ipv4": "188.166.16.37", - "ipv6": "2a03:b0c0:2:d0::2a5:f004", - "lxc": false - }, - "tinc2": { - "ipv4": "188.166.16.37", - "ipv6": "2a03:b0c0:0:1010::3d:b003", - "lxc": false - }, "eve": { - "ipv4": "192.168.66.1", - "ipv6": "2a01:4f8:210:31fd::1", - "lxc": false - }, - "eva": { - "ipv4": "192.168.67.1", - "ipv6": "2a03:b0c0:2:d0::2a5:f001", + "ipv4": "172.23.75.2", + "ipv6": "2a01:4f8:210:31fd::2", "lxc": false }, "bridge": { - "ipv4": "192.168.66.1/32", - "ipv6": "2a01:4f8:210:31fd:1::1/128", + "ipv4": "172.23.75.2", + "ipv6": "2a01:4f8:210:31fd:1::2/128", + "ula": "fdc0:4992:6a6d::2/128", "lxc": false }, "jabber": { + "ipv4": "172.23.75.22/32", "ipv6": "2a01:4f8:210:31fd:1::16/128", "rdns6": "jabber.higgsboson.tk", "lxc": false 
@@ -50,24 +37,79 @@ "srv": "0 5 5222 jabber", "lxc": false }, - "olddevkid": { - "ipv4": "192.168.66.100/32", - "ipv6": "2a01:4f8:210:31fd:1::40/128", - "lxc": false - }, "base": { - "ipv4": "192.168.66.2/32", - "ipv6": "2a01:4f8:210:31fd:1::2/128" + "ipv4": "172.23.75.63/32", + "ipv6": "2a01:4f8:210:31fd:1::3f/128", + "ula": "fdc0:4992:6a6d::3f/128" }, "ldap": { - "ipv4": "192.168.66.3/32", + "ipv4": "172.23.75.3/32", "ipv6": "2a01:4f8:210:31fd:1::3/128", - "group": "php" + "group": "php", + "ula": "fdc0:4992:6a6d::3/128" }, "web": { - "ipv4": "192.168.66.5/32", + "ipv4": "172.23.75.5/32", "rdns6": "web.higgsboson.tk", - "ipv6": "2a01:4f8:210:31fd:1::5/128" + "ipv6": "2a01:4f8:210:31fd:1::5/128", + "mounts": { + "istwiki": { + "srv/http/ist.devkid.net": true + }, + "git": { + "usr/share/webapps/gitlab": true, + "var/lib/gitlab/assets": true, + "var/lib/gitlab/uploads": true + }, + "halfcode": { + "srv/http/halfco.de": true + }, + "jtes": { + "home/jtes/server/public": "srv/http/jtes.halfco.de" + }, + "ldapadmin": { + "usr/share/webapps/phpldapadmin": true + }, + "rainloop": { + "srv/http/mail.higgsboson.tk": true + }, + "etherpad": { + "/usr/share/webapps/etherpad-lite/src/static": "/srv/http/pad.higgsboson.tk/static" + }, + "parkendd": { + "srv/http/park-api.higgsboson.tk": true, + "srv/http/staging.park-api.higgsboson.tk": true, + "var/log/parkendd": true + }, + "phonefinder": { + "srv/http/phonefinder.halfco.de": true + }, + "seafile": { + "srv/seafile/seafile.higgsboson.tk/seahub-data/avatars": "srv/http/seafile/avatars", + "srv/seafile/seafile.higgsboson.tk/seafile-server/seahub/media": "srv/http/seafile/media" + }, + "tweetnest": { + "srv/http/tweets.higgsboson.tk": true + }, + "ytm": { + "srv/http/ytm.halfco.de": true + }, + "owncloud": { + "usr/share/webapps/owncloud": true + }, + "piwik": { + "usr/share/webapps/piwik": true + }, + "pyload": { + "var/lib/pyload/Downloads": "mnt/pyload" + }, + "phpmyadmin": true, + "ttrss": { + "usr/share/webapps/tt-rss": 
true, + "var/lib/tt-rss/feed-icons": true + } + }, + "ula": "fdc0:4992:6a6d::5/128" }, "ns1": { "ns": true, 
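Review bot: `base` is assigned `172.23.75.63/32`, which is the last address of the new `v4_subnet` `172.23.75.0/26`, i.e. the subnet's broadcast address, so it will not behave like an ordinary host address on the bridge. In the same hunk `web`'s `mounts` entry `"phpmyadmin": true` is a bare boolean while every sibling is an object mapping a source path to a destination (or `true`); the new `hooks/update-mounts` iterates the value with `mounts.map`, which raises `NoMethodError` on `true`. Either give `phpmyadmin` the same object form as its siblings or define what a bare `true` means and handle it in `update-mounts`.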
@@ -82,81 +124,84 @@ "ipv6": "2a03:b0c0:0:1010::3d:b002/128" }, "dns": { - "ipv4": "192.168.66.6/32", + "ipv4": "172.23.75.6/32", "ipv6": "2a01:4f8:210:31fd:1::6/128", "rdns6": "ns1.higgsboson.tk", - "dn42_ipv4": "172.23.75.6/32", - "dn42_ipv6": "fdc0:4992:6a6d:6::1/64" + "ula": "fdc0:4992:6a6d::6/128" }, "dn42": { - "ipv4": "192.168.66.31/32", - "ipv6": "2a01:4f8:210:31fd:1::1f/128", - "dn42_ipv4": "172.23.75.1/32", - "dn42_ipv6": "fdc0:4992:6a6d:1::1/64" + "ipv4": "172.23.75.1/32", + "ipv6": "2a01:4f8:210:31fd:1::1/128", + "ula": "fdc0:4992:6a6d::1/128" }, "faces": { - "ipv4": "192.168.66.7/32", - "ipv6": "2a01:4f8:210:31fd:1::7/128" + "ipv4": "172.23.75.7/32", + "ipv6": "2a01:4f8:210:31fd:1::7/128", + "ula": "fdc0:4992:6a6d::7/128" }, "jtes": { - "ipv4": "192.168.66.8/32", - "ipv6": "2a01:4f8:210:31fd:1::8/128" + "ipv4": "172.23.75.8/32", + "ipv6": "2a01:4f8:210:31fd:1::8/128", + "ula": "fdc0:4992:6a6d::8/128" }, "mysql": { - "ipv4": "192.168.66.9/32", + "ipv4": "172.23.75.9/32", "ipv6": "2a01:4f8:210:31fd:1::9/128", "backup-scripts": [ { "backupname": "mysqldbs", "command": "backup-mysql" } - ] + ], + "ula": "fdc0:4992:6a6d::9/128" }, "gitweb": { "cname": "web", "lxc": false }, "git": { - "ipv4": "192.168.66.4/32", + "ipv4": "172.23.75.4/32", "rdns6": "git.higgsboson.tk", - "ipv6": "2a01:4f8:210:31fd:1::4/128" + "ipv6": "2a01:4f8:210:31fd:1::4/128", + "ula": "fdc0:4992:6a6d::4/128" }, "postgres": { - "ipv4": "192.168.66.10/32", + "ipv4": "172.23.75.10/32", "ipv6": "2a01:4f8:210:31fd:1::a/128", "backup-scripts": [ { "backupname": "postgresdbs", "command": "backup-postgres" } - ] + ], + "ula": "fdc0:4992:6a6d::a/128" }, "phpmyadmin": { - "ipv4": "192.168.66.11/32", + "ipv4": "172.23.75.11/32", "ipv6": "2a01:4f8:210:31fd:1::b/128", + "ula": "fdc0:4992:6a6d::b/128", "group": "php", "vars": { "php_extensions": [ "mysql", "pdo_mysql" ] - }, - "lxc": false + } }, "phppgadmin": { - "ipv4": "192.168.66.13/32", + "ipv4": "172.23.75.13/32", "ipv6": 
"2a01:4f8:210:31fd:1::d/128", + "ula": "fdc0:4992:6a6d::d/128", "group": "php", "vars": { "php_extensions": [ "pgsql", "pdo_pgsql" ] - }, - "lxc": false + } }, "adminer": { - "ipv4": "192.168.66.14/32", + "ipv4": "172.23.75.14/32", "ipv6": "2a01:4f8:210:31fd:1::e/128", "group": "php", "vars": { @@ -166,18 +211,20 @@ "pgsql", "pdo_pgsql" ] - } + }, + "ula": "fdc0:4992:6a6d::e/128" }, "mail": { - "ipv4": "192.168.66.16/32", + "ipv4": "172.23.75.16/32", "ipv6": "2a01:4f8:210:31fd:1::10/128", "rdns6": "mail.higgsboson.tk", "backup-paths": [ "var/vmail" - ] + ], + "ula": "fdc0:4992:6a6d::10/128" }, "istwiki": { - "ipv4": "192.168.66.17/32", + "ipv4": "172.23.75.17/32", "ipv6": "2a01:4f8:210:31fd:1::11/128", "group": "php", "vars": { @@ -185,10 +232,11 @@ "mysql", "pdo_mysql" ] - } + }, + "ula": "fdc0:4992:6a6d::11/128" }, "ytm": { - "ipv4": "192.168.66.18/32", + "ipv4": "172.23.75.18/32", "ipv6": "2a01:4f8:210:31fd:1::12/128", "group": "php", "vars": { @@ -197,20 +245,22 @@ "mysqli", "pdo_mysql" ] - } + }, + "ula": "fdc0:4992:6a6d::12/128" }, "ldapadmin": { - "ipv4": "192.168.66.12/32", + "ipv4": "172.23.75.12/32", "ipv6": "2a01:4f8:210:31fd:1::c/128", "group": "php", "vars": { "php_extensions": [ "ldap" ] - } + }, + "ula": "fdc0:4992:6a6d::c/128" }, "rainloop": { - "ipv4": "192.168.66.19/32", + "ipv4": "172.23.75.19/32", "ipv6": "2a01:4f8:210:31fd:1::13/128", "group": "php", "vars": { @@ -219,10 +269,11 @@ "pdo_pgsql", "openssl" ] - } + }, + "ula": "fdc0:4992:6a6d::13/128" }, "owncloud": { - "ipv4": "192.168.66.15/32", + "ipv4": "172.23.75.15/32", "ipv6": "2a01:4f8:210:31fd:1::f/128", "group": "php", "vars": { @@ -242,10 +293,11 @@ "exif", "imagick" ] - } + }, + "ula": "fdc0:4992:6a6d::f/128" }, "ttrss": { - "ipv4": "192.168.66.20/32", + "ipv4": "172.23.75.20/32", "ipv6": "2a01:4f8:210:31fd:1::14/128", "group": "php", "vars": { 
@@ -258,25 +310,28 @@ "ldap", "mcrypt" ] - } + }, + "ula": "fdc0:4992:6a6d::14/128" }, "teamspeak": { - "ipv4": "192.168.66.21/32", + "ipv4": "172.23.75.21/32", "ipv6": "2a01:4f8:210:31fd:1::15/128", "backup-paths": [ "var/lib/teamspeak3-server" - ] + ], + "ula": "fdc0:4992:6a6d::15/128" }, "prosody": { - "ipv4": "192.168.66.22/32", + "ipv4": "172.23.75.22/32", "ipv6": "2a01:4f8:210:31fd:1::16/128", "rdns6": "jabber.higgsboson.tk", "backup-paths": [ "var/lib/prosody" - ] + ], + "ula": "fdc0:4992:6a6d::16/128" }, "piwik": { - "ipv4": "192.168.66.23/32", + "ipv4": "172.23.75.23/32", "ipv6": "2a01:4f8:210:31fd:1::17/128", "group": "php", "vars": { @@ -287,10 +342,11 @@ "gd", "iconv" ] - } + }, + "ula": "fdc0:4992:6a6d::17/128" }, "tweetnest": { - "ipv4": "192.168.66.24/32", + "ipv4": "172.23.75.24/32", "ipv6": "2a01:4f8:210:31fd:1::18/128", "group": "php", "vars": { 
@@ -300,59 +356,98 @@ "pdo_mysql", "curl" ] - } + }, + "ula": "fdc0:4992:6a6d::18/128" }, "etherpad": { - "ipv4": "192.168.66.25/32", - "ipv6": "2a01:4f8:210:31fd:1::19/128" + "ipv4": "172.23.75.25/32", + "ipv6": "2a01:4f8:210:31fd:1::19/128", + "ula": "fdc0:4992:6a6d::19/128" }, "pyload": { - "ipv4": "192.168.66.26/32", - "ipv6": "2a01:4f8:210:31fd:1::1a/128" + "ipv4": "172.23.75.26/32", + "ipv6": "2a01:4f8:210:31fd:1::1a/128", + "ula": "fdc0:4992:6a6d::1a/128" }, "squid": { - "ipv4": "192.168.66.27/32", - "ipv6": "2a01:4f8:210:31fd:1::1b/128" + "ipv4": "172.23.75.27/32", + "ipv6": "2a01:4f8:210:31fd:1::1b/128", + "ula": "fdc0:4992:6a6d::1b/128" }, "classifier": { - "ipv4": "192.168.66.28/32", - "ipv6": "2a01:4f8:210:31fd:1::1c/128" + "ipv4": "172.23.75.28/32", + "ipv6": "2a01:4f8:210:31fd:1::1c/128", + "ula": "fdc0:4992:6a6d::1c/128" }, "seafile": { - "ipv4": "192.168.66.29/32", - "ipv6": "2a01:4f8:210:31fd:1::1d/128" + "ipv4": "172.23.75.29/32", + "ipv6": "2a01:4f8:210:31fd:1::1d/128", + "ula": "fdc0:4992:6a6d::1d/128" }, "login": { - "ipv4": "192.168.66.30/32", + "ipv4": "172.23.75.30/32", "ipv6": "2a01:4f8:210:31fd:1::1e/128", "rdns6": "login.higgsboson.tk", + "mounts": { + "pyload": { + "var/lib/pyload/Downloads": "mnt/pyload" + } + }, "vars": { - "ssh_ldap": true - } + "ssh_ldap": true, + "install_dn42_ca": false, + "add_repo_in_pacman_conf": false, + "additional_admins": [ + { + "dest": "/var/lib/aurrepo/", + "owner": "aurrepo", + "group": "aurrepo" + } + ] + }, + "ula": "fdc0:4992:6a6d::1e/128" }, "halfcode": { - "ipv4": "192.168.66.32/32", + "ipv4": "172.23.75.32/32", "ipv6": "2a01:4f8:210:31fd:1::20/128", "group": "php", "vars": { "php_extensions": [ ] - } + }, + "ula": "fdc0:4992:6a6d::20/128" }, "phonefinder": { - "ipv4": "192.168.66.33/32", + "ipv4": "172.23.75.33/32", "ipv6": "2a01:4f8:210:31fd:1::21/128", "group": "php", "vars": { "php_extensions": [ ] - } + }, + "ula": "fdc0:4992:6a6d::21/128" }, "terraria": { - "ipv4": "192.168.66.34/32", - 
"ipv6": "2a01:4f8:210:31fd:1::22/128" + "ipv4": "172.23.75.34/32", + "ipv6": "2a01:4f8:210:31fd:1::22/128", + "ula": "fdc0:4992:6a6d::22/128" + }, + "ghost": { + "ipv4": "172.23.75.35/32", + "ipv6": "2a01:4f8:210:31fd:1::23/128", + "ula": "fdc0:4992:6a6d::23/128" + }, + "bitlbee": { + "ipv4": "172.23.75.36/32", + "ipv6": "2a01:4f8:210:31fd:1::24/128", + "ula": "fdc0:4992:6a6d::24/128" + }, + "parkendd": { + "ipv4": "172.23.75.37/32", + "ipv6": "2a01:4f8:210:31fd:1::25/128", + "ula": "fdc0:4992:6a6d::25/128" } } } diff --git a/default.conf b/default.conf index 16b7aa8..563d04d 100644 --- a/default.conf +++ b/default.conf @@ -1,6 +1,6 @@ lxc.autodev = 1 lxc.kmsg = 0 -lxc.cap.drop = sys_module mac_admin mac_override sys_time net_admin sys_nice sys_pacct sys_rawio +lxc.cap.keep = chown dac_override dac_read_search fowner fsetid ipc_owner kill lease linux_immutable net_bind_service net_broadcast net_raw setgid setfcap setpcap setuid sys_admin sys_chroot sys_nice sys_ptrace sys_tty_config sys_resource sys_boot audit_write audit_control mknod # Setup the LXC devices in /dev/lxc/ lxc.devttydir = lxc @@ -21,8 +21,8 @@ lxc.network.link = br0 lxc.network.flags = up lxc.network.name = eth0 lxc.network.mtu = 1500 -lxc.network.ipv4.gateway = 192.168.66.1 -lxc.network.ipv6.gateway = 2a01:4f8:210:31fd:1::1 +lxc.network.ipv4.gateway = 172.23.75.2 +lxc.network.ipv6.gateway = 2a01:4f8:210:31fd:1::2 # cgroups lxc.cgroup.devices.deny = a 
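Review bot: The new `lxc.cap.keep` allow-list still grants `sys_admin`, `sys_ptrace`, `sys_boot`, `mknod`, `sys_resource` and `audit_control` to every container, and it re-grants `sys_nice`, which the replaced `lxc.cap.drop` line explicitly removed. Moving from a drop-list to a keep-list is the right direction, but with these entries a container keeps most of the host-affecting capabilities the old drop-list was trying to bound. Consider keeping only what every container needs in `default.conf` and adding the heavier capabilities per container in its `local.conf`, with a comment naming the service that requires each one. A short comment on this line recording that `net_admin`, `sys_module`, `sys_time` and `sys_rawio` are intentionally absent would stop them being re-added later.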
@@ -62,7 +62,7 @@ lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 lxc.mount.entry = /data/pacman/pkg var/cache/pacman/pkg none bind 0 0 lxc.mount.entry = /data/pacman/sync var/lib/pacman/sync none bind 0 0 -lxc.mount.entry = /data/repo srv/repo none bind,ro,create=dir 0 0 +lxc.mount.entry = /data/containers/login/rootfs/var/lib/aurrepo srv/repo none bind,ro,create=dir,umask=0 0 0 lxc.mount.entry = /run/systemd/journal mnt/journal none bind,ro,create=dir 0 0 lxc.hook.clone = /etc/lxc/hooks/setup-machine-id @@ -72,3 +72,4 @@ lxc.hook.clone = /etc/lxc/hooks/create-lxc-config lxc.hook.clone = /etc/lxc/hooks/update-zone lxc.hook.clone = /etc/lxc/hooks/update-hetzner-rdns lxc.hook.clone = /etc/lxc/hooks/ansible +lxc.hook.autodev = /etc/lxc/hooks/dn42-routes diff --git a/hooks/cleanup-lxc-config b/hooks/cleanup-lxc-config index c8c452a..3d83b95 100755 --- a/hooks/cleanup-lxc-config +++ b/hooks/cleanup-lxc-config @@ -14,7 +14,7 @@ network.each do |host, value| end if modified - registry.write + registry.save else puts "Unchanged" end diff --git a/hooks/create-lxc-config b/hooks/create-lxc-config index 061fed2..c4b18d5 100755 --- a/hooks/create-lxc-config +++ b/hooks/create-lxc-config @@ -13,6 +13,7 @@ options = OpenStruct.new options.container_name = try_env("LXC_NAME") options.container_config = try_env("LXC_CONFIG_FILE") options.rootfs = try_env("LXC_ROOTFS_PATH") +options.mounts = Hash.new { |hash,key| hash[key] = {} } OptionParser.new do |opts| opts.banner = "Usage: create-lxc-config [options]" 
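Review bot: `srv/repo` in every container is now bind-mounted from `/data/containers/login/rootfs/var/lib/aurrepo`, so the package repository all containers install from lives inside the `login` container's rootfs, and whoever can write there (container.json's `additional_admins` entry gives the `aurrepo` user that directory) controls packages for every container. Keeping `ro` limits the blast radius on the consumer side, but this is a trust-boundary decision that deserves a comment above the line, e.g. `# repo is built inside the login container; all containers install from it read-only — rely on pacman signature checks`. I do not recognise `umask=0` as a bind-mount option; if LXC passes unknown options through to mount(8) the entry may be rejected, so please verify it on a fresh container start.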
@@ -23,15 +24,18 @@ OptionParser.new do |opts| opts.on("-6", "--ipv6", "public Ipv6 subnet") do |v| options.ipv6 = v end - opts.on("--dn42-ipv4", String, "dn42 ipv4") do |v| - options.dn42_ipv4 = v - end - opts.on("--dn42-ipv6", String, "dn42 ipv6") do |v| - options.dn42_ipv6 = v + opts.on("--ula", String, "private unique local ipv6 subnet") do |v| + options.ula = v end opts.on("--group GROUP", String, "set ansible group (default NONE)") do |group| options.group = group end + opts.on("--mounts other_container,/src/dir,/dest/path", Array, "mount other container path") do |args| + if args.size != 3 + abort "expect 3 arguments for --mounts got: #{args.size}: USAGE: other_container,/src/dir,/dest/path" + end + options.mounts[args[0]][args[1]] = args[2] + end opts.on("--vars FILE", String, "set json file for ansible variables") do |vars| begin options.vars = JSON.load(File.open(vars)) @@ -52,9 +56,9 @@ container = Lxc::Container.new(registry.data, ipv4: options.ipv4, ipv6: options.ipv6, rootfs: options.rootfs, - dn42_ipv4: options.dn42_ipv4, - dn42_ipv6: options.dn42_ipv4, + ula: options.ula, group: options.group, - vars: options.vars) + vars: options.vars, + mounts: options.mounts) container.write_config(options.container_config) registry.save diff --git a/hooks/dn42-routes b/hooks/dn42-routes index 8383db4..9fcb222 100755 --- a/hooks/dn42-routes +++ b/hooks/dn42-routes @@ -1,7 +1,6 @@ #!/bin/bash -ip rule add from 172.23.75.0/24 table 42 -ip route add 192.168.66.0/24 via 172.23.75.4 dev eth1 table 42 ip route add 172.16.0.0/12 via 172.23.75.1 ip route add 10.0.0.0/8 via 172.23.75.1 -ip route flush cache +ip -6 route add fc00::/7 via fdc0:4992:6a6d::1 +exit 0 diff --git a/hooks/lib/lxc/container.rb b/hooks/lib/lxc/container.rb index f70f8a7..9abe5d6 100644 --- a/hooks/lib/lxc/container.rb +++ b/hooks/lib/lxc/container.rb 
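Review bot: The `--mounts` option can only express an explicit destination (`other_container,/src/dir,/dest/path`), so there is no way to produce the `true` form ("same path in both containers") that container.json uses for most entries, and callers have to repeat the source path. The arity check is good; consider also accepting two elements and storing `true` for the destination, e.g. `options.mounts[args[0]][args[1]] = args.size == 3 ? args[2] : true`, and saying so in the option description. Because `Array` splits on commas, a path containing a comma cannot be passed at all; a note in the usage text would make that limitation visible.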
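Review bot: The added `exit 0` makes the hook report success even when one of the `ip route add` calls fails, so a container can come up without its dn42 or ULA routes and nothing in the LXC log will say so. If the intent is to tolerate re-runs where the route already exists (`ip route add` fails with EEXIST), `ip route replace` / `ip -6 route replace` are idempotent and let the real exit status propagate, after which `exit 0` can go. If some other failure is expected to be harmless, a comment naming it would help the next reader.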
@@ -5,9 +5,7 @@ require "fileutils" module Lxc class Container - def initialize(data, name:, ipv4: nil, ipv6: nil, - dn42_ipv4: nil, dn42_ipv6: nil, - **options) + def initialize(data, name:, ipv4: nil, ipv6: nil, ula: nil, **options) @data = data @data["network"] ||= {} @data["network"][name] = {} @@ -15,25 +13,13 @@ module Lxc zone = @data["zone"] || {} @ipv4_subnet = NetAddr::CIDR.create(zone["v4_subnet"] || "192.168.10.0/24") @ipv6_subnet = NetAddr::CIDR.create(zone["v6_subnet"] || "fd7d:aed0:18aa::/48") - - if subnet = zone["dn42_v4_subnet"] - @dn42_ipv4_netmask = NetAddr::CIDR.create(subnet).to_i(:netmask) - else - @dn42_ipv4_netmask = 24 - end - - if subnet = zone["dn42_v6_subnet"] - @dn42_ipv6_netmask = NetAddr::CIDR.create(subnet).to_i(:netmask) - else - @dn42_ipv6_netmask = 48 - end + @ula_subnet = NetAddr::CIDR.create(zone["ula_subnet"] || "fdc5:bdb8:b81::/48") network = data["network"] @name = name - @ipv4 = ipv4 ||= ipv4 || find_address(@ipv4_subnet, collect_subnets(network, "ipv4")) - @ipv6 = ipv6 ||= find_address(@ipv6_subnet, collect_subnets(network, "ipv6")) - @dn42_ipv4 = dn42_ipv4 - @dn42_ipv6 = dn42_ipv6 + @ipv4 = ipv4 || find_address(@ipv4_subnet, collect_subnets(network, "ipv4")) + @ipv6 = ipv6 || find_address(@ipv6_subnet, collect_subnets(network, "ipv6")) + @ula = ula || find_address(@ula_subnet, collect_subnets(network, "ula")) @options = options end 
@@ -41,20 +27,14 @@ module Lxc c = @data["network"][@name] || {} c["ipv4"] = NetAddr::CIDR.create(@ipv4).to_s(Short: true) c["ipv6"] = NetAddr::CIDR.create(@ipv6).to_s(Short: true) + c["ula"] = NetAddr::CIDR.create(@ula).to_s(Short: true) c["group"] = @options[:group] if @options[:group] c["vars"] = @options[:vars] if @options[:vars] + opts = @options.merge(name: @name, ipv4: format_address(@ipv4, @ipv4_subnet.to_i(:netmask)), - ipv6: format_address(@ipv6, @ipv6_subnet.to_i(:netmask))) - if @dn42_ipv4 - opts[:dn42_ipv4] = format_address(@dn42_ipv4, @dn42_ipv4_netmask) - c["dn42_ipv4"] = NetAddr::CIDR.create(@dn42_ipv4).to_s(Short: true) - end - - if @dn42_ipv6 - opts[:dn42_ipv6] = format_address(@dn42_ipv6, @dn42_ipv6_netmask) - c["dn42_ipv6"] = NetAddr::CIDR.create(@dn42_ipv6).to_s(Short: true) - end + ipv6: format_address(@ipv6, @ipv6_subnet.to_i(:netmask)), + ula: format_address(@ula, @ula_subnet.to_i(:netmask))) config_dir = File.dirname(config_path) local_conf = File.join(config_dir, "local.conf") @@ -73,9 +53,13 @@ module Lxc end def collect_subnets(network, type) - network.map do |k,v| - NetAddr::CIDR.create(v[type]) if v[type] - end.compact + addrs = [] + network.each do |k,v| + if v[type] + addrs << NetAddr::CIDR.create(v[type]) + end + end + addrs end def find_address(subnet, assigned_subnets) diff --git a/hooks/lib/lxc/rdns.rb b/hooks/lib/lxc/rdns.rb index f81e5db..c98b22e 100644 --- a/hooks/lib/lxc/rdns.rb +++ b/hooks/lib/lxc/rdns.rb @@ -20,6 +20,8 @@ module Lxc arpa = NetAddr::CIDR.create(ip).arpa next unless arpa.end_with?(@subnet.arpa) host_part = arpa[0, arpa.size - @subnet.arpa.size - 1] + # only allowed characters in FQDN + name = name.gsub(/[^a-zA-Z0-9\-]/, "-") yield name, host_part end end diff --git a/hooks/lib/lxc/template.rb b/hooks/lib/lxc/template.rb index 48f2b63..9be8708 100644 --- a/hooks/lib/lxc/template.rb +++ b/hooks/lib/lxc/template.rb 
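Review bot: `write_config` copies `ula`, `group` and `vars` into the registry entry `c` but never `@options[:mounts]`, which `create-lxc-config` now passes in and which `hooks/update-mounts` reads back from the registry as `container["mounts"]`; unless the part of `write_config` outside this hunk persists it, `--mounts` given at clone time is silently lost. Adding `c["mounts"] = @options[:mounts] if @options[:mounts] && !@options[:mounts].empty?` next to the `vars` line would close that gap. `write_config` begins before this hunk.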
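Review bot: Rewriting `collect_subnets` from `map`/`compact` into an `each` that pushes into `addrs` is the manual-accumulation shape the Ruby style guide discourages, and the block still declares an unused `k`. The same result reads more directly as `network.each_value.select { |v| v[type] }.map { |v| NetAddr::CIDR.create(v[type]) }`. Both versions skip entries without the key, so no behaviour changes.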
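Review bot: The added `name.gsub(/[^a-zA-Z0-9\-]/, "-")` rewrites registry names instead of rejecting invalid ones, so two hosts whose names differ only in disallowed characters collapse onto the same label and the PTR set becomes ambiguous; it also lets a label begin or end with `-`. The identical regex is introduced as `fqdn` in `hooks/lib/lxc/template.rb` in the same commit; having `rdns.rb` call that single helper (or validating the name once in `create-lxc-config` and aborting) keeps the forward and reverse zones consistent. If sanitising is the intended behaviour, make the comment say so: `# registry names may contain characters not allowed in DNS labels; map them to "-" (distinct names can collide)`.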
@@ -5,6 +5,9 @@ module Lxc def get_binding binding end + def fqdn(v) + v.to_s.gsub(/[^a-zA-Z0-9\-]/, "-") + end end class Template diff --git a/hooks/update-lxc-configs b/hooks/update-lxc-configs index 5585505..8bfb7b6 100755 --- a/hooks/update-lxc-configs +++ b/hooks/update-lxc-configs @@ -12,9 +12,8 @@ network.each do |name, container| name: name, ipv4: container["ipv4"], ipv6: container["ipv6"], + ula: container["ula"], rootfs: LXC_CONTAINER_ROOT.join(name, "rootfs"), - dn42_ipv4: container["dn42_ipv4"], - dn42_ipv6: container["dn42_ipv6"], group: container["group"], vars: container["vars"]) container.write_config(LXC_CONTAINER_ROOT.join(name, "config")) diff --git a/hooks/update-mounts b/hooks/update-mounts new file mode 100755 index 0000000..f60af49 --- /dev/null +++ b/hooks/update-mounts 
@@ -0,0 +1,59 @@
+#!/usr/bin/env ruby
+
+require 'pathname'
+require_relative "lib/lxc"
+
+LXC_ROOT = Pathname.new("/data/containers")
+FSTAB_D = Pathname.new("/etc/fstab.d")
+
+def fstab_entries(src_path, dest_path, mounts)
+ unless src_path.exist?
+ abort "container directory for shared mount does not exists #{dest_path}"
+ end
+ unless src_path.exist?
+ abort "container directory for shared mount does not exists #{src_path}"
+ end
+ entries = mounts.map do |src, dest|
+ src = src.gsub(/^\//, "")
+
+ src_mount = dest_path.join(src)
+ puts ("mkdir -p #{src_mount}")
+ if dest == true
+ dest_mount = src_path.join(src)
+ else
+ dest_mount = src_path.join(dest.gsub(/^\//, ""))
+ end
+ FileUtils.mkdir_p(dest_mount)
+ "#{src_mount} #{dest_mount} none bind,nofail,x-systemd.device-timeout=1 0 0"
+ end
+
+ entries
+end
+
+def main
+ registry = Lxc::Registry.new
+ network = registry.data["network"] || {}
+ network.each do |name, container|
+ src_path = LXC_ROOT.join(name, "rootfs")
+ containers = container["mounts"]
+ next if containers.nil?
+
+ fstab = []
+ containers.each do |dest_container, mounts|
+ dest_path = LXC_ROOT.join(dest_container, "rootfs")
+ fstab << fstab_entries(src_path, dest_path, mounts)
+ end
+ content = fstab.join("\n")
+ path = FSTAB_D.join("50_lxc_#{name}")
+
+ f = File.open(path, "w+")
+ f.write content
+ f.write "\n"
+ f.close
+
+ Lxc::Utils.sh("update-conf.d", "fstab")
+ Lxc::Utils.sh("mount", "-a")
+ end
+end
+
+main
diff --git a/templates/config.erb b/templates/config.erb
index cbbecb7..f46f9d1 100644
--- a/templates/config.erb
+++ b/templates/config.erb
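Review bot: In `fstab_entries` both existence checks test `src_path`, and the first `abort` message prints `dest_path`, so a missing `dest_path` is never caught and the message for a missing `src_path` names the wrong directory. The function also assumes `mounts` is a Hash, but container.json ships `"phpmyadmin": true` under `web`'s mounts, on which `mounts.map` raises `NoMethodError`. The generated entries carry no `ro`, so the receiving container gets write access into the other containers' rootfs paths; where the consumer only serves files, `bind,ro` would be the safer default. Paths are only stripped of a leading `/`, so a `..` component would place the mount outside the rootfs; the rewrite below checks containment after `cleanpath` and renames the locals so the fstab source/target naming is no longer inverted. In `main`, `File.open` without a block should become `File.write(path, "#{content}\n")`, and `mount -a` could run once after the loop rather than once per container.
```ruby
def fstab_entries(src_path, dest_path, mounts)
  # src_path: rootfs of the container that receives the bind mounts;
  # dest_path: rootfs of the container whose directories are shared.
  abort "container rootfs does not exist: #{src_path}" unless src_path.exist?
  abort "container rootfs does not exist: #{dest_path}" unless dest_path.exist?
  unless mounts.is_a?(Hash)
    abort "mounts for #{dest_path} must map source path => destination path (or true), got #{mounts.inspect}"
  end
  mounts.map do |src, dest|
    bind_source = dest_path.join(src.sub(%r{\A/}, "")).cleanpath
    bind_target = src_path.join((dest == true ? src : dest).sub(%r{\A/}, "")).cleanpath
    # Refuse entries that resolve outside either rootfs (e.g. via "..").
    unless bind_source.to_s.start_with?("#{dest_path}/") && bind_target.to_s.start_with?("#{src_path}/")
      abort "shared mount #{src} -> #{dest} resolves outside the container rootfs"
    end
    FileUtils.mkdir_p(bind_target)
    "#{bind_source} #{bind_target} none bind,nofail,x-systemd.device-timeout=1 0 0"
  end
end
# … unchanged: main …
```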
@@ -4,14 +4,5 @@ lxc.utsname = <%= name %> lxc.rootfs = <%= rootfs %> lxc.network.ipv4 = <%= ipv4 %> lxc.network.ipv6 = <%= ipv6 %> +lxc.network.ipv6 = <%= ula %> lxc.network.veth.pair = lxc_<%= name[0..(16-4)] %> - -<% if dn42_ipv4 || dn42_ipv6 -%> -lxc.include = /etc/lxc/evenet.conf -<% if dn42_ipv4 -%> -lxc.network.ipv4 = <%= dn42_ipv4 %> -<% end -%> -<% if dn42_ipv6 -%> -lxc.network.ipv6 = <%= dn42_ipv6 %> -<% end -%> -<% end -%> diff --git a/templates/higgsboson.tk.zone.erb b/templates/higgsboson.tk.zone.erb index 2289834..56beac1 100644 --- a/templates/higgsboson.tk.zone.erb +++ b/templates/higgsboson.tk.zone.erb @@ -35,7 +35,7 @@ pubsub CNAME jabber imap CNAME mail smtp CNAME mail -tinc1 CNAME dn42 +muc CNAME web archfeed CNAME arch-pkg-feed.herokuapp.com. githubtags CNAME github-tags-feed.herokuapp.com. diff --git a/templates/lxc-zone.erb b/templates/lxc-zone.erb index 4c640db..7904fa4 100644 --- a/templates/lxc-zone.erb +++ b/templates/lxc-zone.erb @@ -11,7 +11,7 @@ $TTL <%= data["zone"]["ttl"] %> <% data["network"].each do |name, value| -%> <% if value["ns"] -%> - NS <%= name %> + NS <%= fqdn(name) %> <% end -%> <% end -%> 
@@ -23,17 +23,21 @@ $TTL <%= data["zone"]["ttl"] %> <% end -%> <% data["network"].each do |name, value| %> <% if value["cname"] -%> -<%= name %> CNAME <%= value["cname"] %> +<%= fqdn(name) %> CNAME <%= value["cname"] %> <% end -%> <% if value["srv"] -%> -<%= name %> SRV <%= value["srv"] %> +<%= fqdn(name) %> SRV <%= value["srv"] %> <% end -%> <% if value["ipv4"] -%> -<%= name %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> -ipv4.<%= name %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> +<%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> +ipv4.<%= fqdn(name) %> A <%= NetAddr::CIDR.create(value["ipv4"]).ip(Short: true) %> <% end -%> <% if value["ipv6"] -%> -<%= name %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %> -ipv6.<%= name %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %> +<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %> +ipv6.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ipv6"]).ip(Short: true) %> +<% end -%> +<% if value["ula"] -%> +<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %> +ula.<%= fqdn(name) %> AAAA <%= NetAddr::CIDR.create(value["ula"]).ip(Short: true) %> <% end -%> <% end -%> diff --git a/templates/rdns-zone.erb b/templates/rdns-zone.erb index cfa3a25..ff985d1 100644 --- a/templates/rdns-zone.erb +++ b/templates/rdns-zone.erb @@ -6,10 +6,10 @@ <%= data["zone"]["minimum"] %>) ; minimum <% data["network"].each do |name, value| -%> <% if value["ns"] -%> - IN NS <%= name %>.<%= data["zone"]["domain"] %>. + IN NS <%= fqdn(name) %>.<%= data["zone"]["domain"] %>. <% end -%> <% end -%> <% zone.pointers do |name, addr| -%> -<%= addr %> PTR <%= name %>.<%= data["zone"]["domain"] %>. +<%= addr %> PTR <%= fqdn(name) %>.<%= data["zone"]["domain"] %>. <% end -%>
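Review bot: The new `ula` branch publishes the ULA address as an AAAA record on the same owner name as the public `ipv6` AAAA, so every resolver that can see this zone receives an unroutable `fdc0:4992:6a6d::` address alongside the public one; external clients may try it first and stall, and the zone now discloses the internal numbering plan. If `data["zone"]["domain"]` is served to the public internet, keep the bare-name AAAA to the public address and publish the ULA only under `ula.<%= fqdn(name) %>` (or in an internal view). If the zone is internal-only, a one-line ERB comment stating that would justify the current shape.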